mirror of
git://anongit.mindrot.org/openssh.git
synced 2024-12-22 10:00:14 +00:00
- djm@cvs.openbsd.org 2014/07/03 11:16:55
[auth.c auth.h auth1.c auth2.c] make the "Too many authentication failures" message include the user, source address, port and protocol in a format similar to the authentication success / failure messages; bz#2199, ok dtucker
This commit is contained in:
parent
0f12341402
commit
686feb560e
@ -58,6 +58,11 @@
|
||||
- jmc@cvs.openbsd.org 2014/07/03 07:45:27
|
||||
[ssh_config.5]
|
||||
escape %C since groff thinks it part of an Rs/Re block;
|
||||
- djm@cvs.openbsd.org 2014/07/03 11:16:55
|
||||
[auth.c auth.h auth1.c auth2.c]
|
||||
make the "Too many authentication failures" message include the
|
||||
user, source address, port and protocol in a format similar to the
|
||||
authentication success / failure messages; bz#2199, ok dtucker
|
||||
|
||||
20140702
|
||||
- OpenBSD CVS Sync
|
||||
|
16
auth.c
16
auth.c
@ -1,4 +1,4 @@
|
||||
/* $OpenBSD: auth.c,v 1.104 2014/04/29 18:01:49 markus Exp $ */
|
||||
/* $OpenBSD: auth.c,v 1.105 2014/07/03 11:16:55 djm Exp $ */
|
||||
/*
|
||||
* Copyright (c) 2000 Markus Friedl. All rights reserved.
|
||||
*
|
||||
@ -326,6 +326,20 @@ auth_log(Authctxt *authctxt, int authenticated, int partial,
|
||||
#endif
|
||||
}
|
||||
|
||||
|
||||
void
|
||||
auth_maxtries_exceeded(Authctxt *authctxt)
|
||||
{
|
||||
packet_disconnect("Too many authentication failures for "
|
||||
"%s%.100s from %.200s port %d %s",
|
||||
authctxt->valid ? "" : "invalid user ",
|
||||
authctxt->user,
|
||||
get_remote_ipaddr(),
|
||||
get_remote_port(),
|
||||
compat20 ? "ssh2" : "ssh1");
|
||||
/* NOTREACHED */
|
||||
}
|
||||
|
||||
/*
|
||||
* Check whether root logins are disallowed.
|
||||
*/
|
||||
|
5
auth.h
5
auth.h
@ -1,4 +1,4 @@
|
||||
/* $OpenBSD: auth.h,v 1.77 2014/01/29 06:18:35 djm Exp $ */
|
||||
/* $OpenBSD: auth.h,v 1.78 2014/07/03 11:16:55 djm Exp $ */
|
||||
|
||||
/*
|
||||
* Copyright (c) 2000 Markus Friedl. All rights reserved.
|
||||
@ -154,6 +154,7 @@ void auth_info(Authctxt *authctxt, const char *, ...)
|
||||
__attribute__((__format__ (printf, 2, 3)))
|
||||
__attribute__((__nonnull__ (2)));
|
||||
void auth_log(Authctxt *, int, int, const char *, const char *);
|
||||
void auth_maxtries_exceeded(Authctxt *) __attribute__((noreturn));
|
||||
void userauth_finish(Authctxt *, int, const char *, const char *);
|
||||
int auth_root_allowed(const char *);
|
||||
|
||||
@ -210,8 +211,6 @@ struct passwd *fakepw(void);
|
||||
|
||||
int sys_auth_passwd(Authctxt *, const char *);
|
||||
|
||||
#define AUTH_FAIL_MSG "Too many authentication failures for %.100s"
|
||||
|
||||
#define SKEY_PROMPT "\nS/Key Password: "
|
||||
|
||||
#if defined(KRB5) && !defined(HEIMDAL)
|
||||
|
4
auth1.c
4
auth1.c
@ -1,4 +1,4 @@
|
||||
/* $OpenBSD: auth1.c,v 1.80 2014/02/02 03:44:31 djm Exp $ */
|
||||
/* $OpenBSD: auth1.c,v 1.81 2014/07/03 11:16:55 djm Exp $ */
|
||||
/*
|
||||
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
|
||||
* All rights reserved
|
||||
@ -363,7 +363,7 @@ do_authloop(Authctxt *authctxt)
|
||||
#ifdef SSH_AUDIT_EVENTS
|
||||
PRIVSEP(audit_event(SSH_LOGIN_EXCEED_MAXTRIES));
|
||||
#endif
|
||||
packet_disconnect(AUTH_FAIL_MSG, authctxt->user);
|
||||
auth_maxtries_exceeded(authctxt);
|
||||
}
|
||||
|
||||
packet_start(SSH_SMSG_FAILURE);
|
||||
|
4
auth2.c
4
auth2.c
@ -1,4 +1,4 @@
|
||||
/* $OpenBSD: auth2.c,v 1.130 2014/01/29 06:18:35 djm Exp $ */
|
||||
/* $OpenBSD: auth2.c,v 1.131 2014/07/03 11:16:55 djm Exp $ */
|
||||
/*
|
||||
* Copyright (c) 2000 Markus Friedl. All rights reserved.
|
||||
*
|
||||
@ -362,7 +362,7 @@ userauth_finish(Authctxt *authctxt, int authenticated, const char *method,
|
||||
#ifdef SSH_AUDIT_EVENTS
|
||||
PRIVSEP(audit_event(SSH_LOGIN_EXCEED_MAXTRIES));
|
||||
#endif
|
||||
packet_disconnect(AUTH_FAIL_MSG, authctxt->user);
|
||||
auth_maxtries_exceeded(authctxt);
|
||||
}
|
||||
methods = authmethods_get(authctxt);
|
||||
debug3("%s: failure partial=%d next methods=\"%s\"", __func__,
|
||||
|
Loading…
Reference in New Issue
Block a user